SNMP-VIEW-BASED-ACM-MIB DEFINITIONS ::= BEGINIMPORTS    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF    MODULE-IDENTITY, OBJECT-TYPE,    snmpModules                           FROM SNMPv2-SMI    TestAndIncr,    RowStatus, StorageType                FROM SNMPv2-TC    SnmpAdminString,    SnmpSecurityLevel,    SnmpSecurityModel                     FROM SNMP-FRAMEWORK-MIB;snmpVacmMIB       MODULE-IDENTITY    LAST-UPDATED "9711200000Z"            -- 20 Nov 1997, midnight    ORGANIZATION "SNMPv3 Working Group"    CONTACT-INFO "WG-email:   snmpv3@tis.com                  Subscribe:  majordomo@tis.com                              In message body:  subscribe snmpv3                  Chair:      Russ Mundy                              Trusted Information Systems                  postal:     3060 Washington Rd                              Glenwood MD 21738                              USA                  email:      mundy@tis.com                  phone:      +1-301-854-6889                  Co-editor:  Bert Wijnen                              IBM T.J. Watson Research                  postal:     Schagen 33                              3461 GL Linschoten                              Netherlands                  email:      wijnen@vnet.ibm.com                  phone:      +31-348-432-794                  Co-editor:  Randy Presuhn                              BMC Software, Inc                  postal:     1190 Saratoga Avenue, Suite 130                              San Jose, CA  95129-3433                              USA                  email:      rpresuhn@bmc.com                  phone:      +1-408-556-0720                  Co-editor:  Keith McCloghrie                              Cisco Systems, Inc.                  postal:     170 West Tasman Drive                              San Jose, CA  95134-1706                              USA                  email:      kzm@cisco.com                  phone:      +1-408-526-5260                 "    DESCRIPTION  "The management information definitions for the                  View-based Access Control Model for SNMP.                 "    ::= { snmpModules 5 }-- Administrative assignments ****************************************vacmMIBObjects      OBJECT IDENTIFIER ::= { snmpVacmMIB 1 }vacmMIBConformance  OBJECT IDENTIFIER ::= { snmpVacmMIB 2 }-- Information about Local Contexts **********************************vacmContextTable OBJECT-TYPE    SYNTAX       SEQUENCE OF VacmContextEntry    MAX-ACCESS   not-accessible    STATUS       current    DESCRIPTION "The table of locally available contexts.                 This table provides information to SNMP Command                 Generator applications so that they can properly                 configure the vacmAccessTable to control access to                 all contexts at the SNMP entity.                 This table may change dynamically if the SNMP entity                 allows that contexts are added/deleted dynamically                 (for instance when its configuration changes). Such                 changes would happen only if the management                 instrumentation at that SNMP entity recognizes more                 (or fewer) contexts.                 The presence of entries in this table and of entries                 in the vacmAccessTable are independent.  That is, a                 context identified by an entry in this table is not                 necessarily referenced by any entries in the                 vacmAccessTable; and the context(s) referenced by an                 entry in the vacmAccessTable does not necessarily                 currently exist and thus need not be identified by an                 entry in this table.                 This table must be made accessible via the default                 context so that Command Responder applications have                 a standard way of retrieving the information.                 This table is read-only. It cannot be configured via                 SNMP.                "    ::= { vacmMIBObjects 1 }vacmContextEntry OBJECT-TYPE    SYNTAX       VacmContextEntry    MAX-ACCESS   not-accessible    STATUS       current    DESCRIPTION "Information about a particular context."    INDEX       {                  vacmContextName                }    ::= { vacmContextTable 1 }VacmContextEntry ::= SEQUENCE    {        vacmContextName SnmpAdminString    }vacmContextName  OBJECT-TYPE    SYNTAX       SnmpAdminString (SIZE(0..32))    MAX-ACCESS   read-only    STATUS       current    DESCRIPTION "A human readable name identifying a particular                 context at a particular SNMP entity.                 The empty contextName (zero length) represents the                 default context.                "    ::= { vacmContextEntry 1 }-- Information about Groups ******************************************vacmSecurityToGroupTable OBJECT-TYPE    SYNTAX       SEQUENCE OF VacmSecurityToGroupEntry    MAX-ACCESS   not-accessible    STATUS       current    DESCRIPTION "This table maps a combination of securityModel and                 securityName into a groupName which is used to define                 an access control policy for a group of principals.                "    ::= { vacmMIBObjects 2 }vacmSecurityToGroupEntry OBJECT-TYPE    SYNTAX       VacmSecurityToGroupEntry    MAX-ACCESS   not-accessible    STATUS       current    DESCRIPTION "An entry in this table maps the combination of a                 securityModel and securityName into a groupName.                "    INDEX       {                  vacmSecurityModel,                  vacmSecurityName                }    ::= { vacmSecurityToGroupTable 1 }VacmSecurityToGroupEntry ::= SEQUENCE    {        vacmSecurityModel               SnmpSecurityModel,        vacmSecurityName                SnmpAdminString,        vacmGroupName                   SnmpAdminString,        vacmSecurityToGroupStorageType  StorageType,        vacmSecurityToGroupStatus       RowStatus    }vacmSecurityModel OBJECT-TYPE    SYNTAX       SnmpSecurityModel(1..2147483647)    MAX-ACCESS   not-accessible    STATUS       current    DESCRIPTION "The Security Model, by which the vacmSecurityName                 referenced by this entry is provided.                 Note, this object may not take the 'any' (0) value.                "    ::= { vacmSecurityToGroupEntry 1 }vacmSecurityName OBJECT-TYPE    SYNTAX       SnmpAdminString (SIZE(1..32))    MAX-ACCESS   not-accessible    STATUS       current    DESCRIPTION "The securityName for the principal, represented in a                 Security Model independent format, which is mapped by                 this entry to a groupName.                 The securityName for a principal represented in a                 Security Model independent format.                "    ::= { vacmSecurityToGroupEntry 2 }vacmGroupName    OBJECT-TYPE    SYNTAX       SnmpAdminString (SIZE(1..32))    MAX-ACCESS   read-create    STATUS       current    DESCRIPTION "The name of the group to which this entry (e.g., the                 combination of securityModel and securityName)                 belongs.                 This groupName is used as index into the                 vacmAccessTable to select an access control policy.                "    ::= { vacmSecurityToGroupEntry 3 }vacmSecurityToGroupStorageType OBJECT-TYPE    SYNTAX       StorageType    MAX-ACCESS   read-create    STATUS       current    DESCRIPTION "The storage type for this conceptual row.                 Conceptual rows having the value 'permanent' need not                 allow write-access to any columnar objects in the row.                "    DEFVAL      { nonVolatile }    ::= { vacmSecurityToGroupEntry 4 }vacmSecurityToGroupStatus OBJECT-TYPE    SYNTAX       RowStatus    MAX-ACCESS   read-create    STATUS       current    DESCRIPTION "The status of this conceptual row.                 The  RowStatus TC [RFC1903] requires that this                 DESCRIPTION clause states under which circumstances                 other objects in this row can be modified:                 The value of this object has no effect on whether                 other objects in this conceptual row can be modified.                "    ::= { vacmSecurityToGroupEntry 5 }-- Information about Access Rights ***********************************vacmAccessTable  OBJECT-TYPE    SYNTAX       SEQUENCE OF VacmAccessEntry    MAX-ACCESS   not-accessible    STATUS       current    DESCRIPTION "The table of access rights for groups.                 Each entry is indexed by a contextPrefix, a groupName                 a securityModel and a securityLevel.  To determine                 whether access is allowed, one entry from this table                 needs to be selected and the proper viewName from that                 entry must be used for access control checking.                 To select the proper entry, follow these steps:                 1) the set of possible matches is formed by the                    intersection of the following sets of entries:                      the set of entries with identical vacmGroupName                      the union of these two sets:                       - the set with identical vacmAccessContextPrefix                       - the set of entries with vacmAccessContextMatch                         value of 'prefix' and matching                         vacmAccessContextPrefix                      intersected with the union of these two sets:                       - the set of entries with identical                         vacmSecurityModel                       - the set of entries with vacmSecurityModel                         value of 'any'                      intersected with the set of entries with                      vacmAccessSecurityLevel value less than or equal                      to the requested securityLevel                 2) if this set has only one member, we're done                    otherwise, it comes down to deciding how to weight                    the preferences between ContextPrefixes,                    SecurityModels, and SecurityLevels as follows:                    a) if the subset of entries with identical                       securityModels is not empty, discard the rest.